bundler-audit

Request - HTML output

Open sterankin opened this issue 7 years ago • 6 comments

I'm not seeing an obvious way to output to HTML as part of a CI build.

Is there an -o html?

Also - how can I prevent the CI task from failing with an Exit status of 1?

sterankin avatar Aug 31 '18 11:08 sterankin

The author is working on a Formatting API, as several people have requested JSON and XML output. See #161 for details. If the XML formatter is working, you might be able to convert it to HTML using XSLT.

For the exit status, it looks like it will always return an exit code of 1 if there are vulnerabilities (https://github.com/rubysec/bundler-audit/blob/master/lib/bundler/audit/cli.rb#L57). You can look into methods of ignoring this value in your CI task, but I think the correct solution is to replace the vulnerable dependencies in your project.

thirdender avatar Sep 19 '18 16:09 thirdender

#206 adds support for plain and xml output.

@sterankin

bundle-audit check || true

salzig avatar Jan 18 '19 12:01 salzig

Just in case someone needs an easy one-shot solution to display bundler-audit's output in a browser (just the colors), you can do something like this, which results in HTML you can check out here.

#!/bin/bash
set -ue

HTML_FILE="./bundler_audit.html"

# force color output by pretending to be an interactive tty
faketty() { script -qfc "$(printf '%q ' "$@")"; }

cat - > "${HTML_FILE}" <<EOF
<html>
  <meta charset="utf-8" />
  <title> bundler-audit report </title>
  <script src="https://cdn.jsdelivr.net/npm/ansi_up@4/ansi_up.min.js" type="text/javascript"></script>
  <script type="text/javascript">

  document.addEventListener('DOMContentLoaded', function(event) {
      var console = document.getElementById("console");
      var console_text = console.textContent
      console.textContent = ""
      var ansi_up = new AnsiUp;
      var html = ansi_up.ansi_to_html(console_text);
      console.innerHTML = html;
  });
  </script>
  <pre id="console">
EOF

faketty bundler-audit check | tee -a "${HTML_FILE}"

echo '</pre></html>' >> "${HTML_FILE}"

clushie avatar Jun 23 '20 09:06 clushie

bundler-audit 0.8.0.rc1 has been released, and includes a new extendable Formats API. It should now be possible to write 3rd party formats that are loaded via require.

postmodern avatar Dec 23 '20 02:12 postmodern

If anyone wants bundler-audit to officially support HTML output, all that I request is:

  • It must use either heredoc or ERB. No extra dependencies on Nokogiri, HTML helpers, etc.
  • It must output static HTML and CSS. No JavaScript.
  • Vanilla CSS. No SASS, SCSS, or CSS frameworks that require npm or yarn, etc.
  • Embedded images are OK. (I prefer embedded SVGs.)

Also, we could use Thor's built-in HTML output, but I bet we could structure the data much better in HTML tables and lists.

postmodern avatar Feb 27 '21 04:02 postmodern
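
An added example, not part of the thread or of bundler-audit's own code: one way to meet the constraints listed above (ERB, static HTML, vanilla CSS, no JavaScript) using only the standard library, with every value HTML-escaped so advisory text cannot inject markup into the report. The JSON field names (the assumed shape of `bundler-audit check --format json`), `render_report`, and the sample data are assumptions made for this sketch.

```ruby
require "erb"
require "json"
include ERB::Util # provides h() for HTML escaping

# Constructed sample. Field names assume the report shape printed by
# `bundler-audit check --format json` (0.8.0); the id is a placeholder.
SAMPLE_JSON = <<~'JSON'
  {"version": "0.8.0", "results": [
    {"type": "unpatched_gem",
     "gem": {"name": "examplegem", "version": "1.0.0"},
     "advisory": {"id": "EXAMPLE-0001", "criticality": "high",
                  "title": "XSS via <script> in rendered titles",
                  "patched_versions": [">= 1.0.1"]}},
    {"type": "insecure_source", "source": "http://gems.example.invalid/"}
  ]}
JSON

# Static HTML and vanilla CSS only; every value goes through h().
TEMPLATE = ERB.new(<<~'HTML', trim_mode: "-")
  <!DOCTYPE html>
  <html><head><meta charset="utf-8"><title>bundler-audit report</title>
  <style>td, th { border: 1px solid #999; padding: 4px 8px } .high, .critical { background: #fdd }</style>
  </head><body>
  <table>
    <tr><th>Gem</th><th>Advisory</th><th>Title</th><th>Patched in</th></tr>
  <%- gems.each do |r| -%>
    <tr class="<%= h(r.dig("advisory", "criticality")) %>">
      <td><%= h(r.dig("gem", "name")) %> <%= h(r.dig("gem", "version")) %></td>
      <td><%= h(r.dig("advisory", "id")) %></td>
      <td><%= h(r.dig("advisory", "title")) %></td>
      <td><%= h(Array(r.dig("advisory", "patched_versions")).join(", ")) %></td>
    </tr>
  <%- end -%>
  </table><ul>
  <%- sources.each do |r| -%>
    <li>Insecure source: <%= h(r["source"]) %></li>
  <%- end -%>
  </ul></body></html>
HTML

# Parse a JSON report string and return the rendered HTML document.
def render_report(json)
  results = JSON.parse(json).fetch("results")
  gems    = results.select { |r| r["type"] == "unpatched_gem" }
  sources = results.select { |r| r["type"] == "insecure_source" }
  TEMPLATE.result(binding)
end

puts render_report(ARGV.empty? ? SAMPLE_JSON : File.read(ARGV[0])) if $PROGRAM_NAME == __FILE__
```

Run with a saved JSON report as the first argument, or with no arguments to render the constructed sample.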

Now that bundler-audit 0.8.0 has finally been released, work can start on HTML output using the new Bundler::Audit::CLI::Formats API.

postmodern avatar Mar 12 '21 02:03 postmodern